SVG Polygot fail?

Question

SVG Polygot fail?

Closed this issue 2 years ago · 1 comments

I am looking into making the SVG module better, any tips? Do any of the SVG file polygots work? It looks like they are always failing because the input file lacks parasites and zipper

./mitra.py input/svg.svg input/gif87.gif -f --verbose

! File type 1 (SVG) doesn't support parasites.
! File type 1 (SVG) doesn't support zippers.

SVGs are forgiving, there are additional methods here:
https://blog.mindedsecurity.com/2015/08/pdf-based-polyglots-through-svg-images.html

Answer 1 · 2023-04-09T06:08:23.000Z

Like XML, SVG only accept printable strings, so they reject most [binary] file formats.

PDF can easily be turned into such a form - see mutool clean -a - which is exceptional among file formats.
Another unique format with a similar possibility (but unofficially) are Flash files, which can be turned into ASCII files via clever compression: see Rosetta Flash and ASCII Zip.

So, while PDFs can be turned into script comments, therefore used with XML and SVG, among others, most formats won't work.

Mitra is not a text polyglot tool - just turn the parasite file into ascii, surround it with text comments.